Posted
by
timothy
on Sunday October 23, 2011 @12:33PM
from the bland-acceptance dept.

Motor writes "As has long been expected — we are now beginning to see governments pushing for the use of so-called 'trusted computing' — chips installed in all computers that effectively remove control of the PC from its owner. While there may be security advantages to some of the ideas, few can doubt that it represents a fundamental shift in the IT world. A radical move away from an open technology landscape and towards a system that denies all access unless you have the right credentials. Governments will demand the right credentials to access their services — meaning approved software stacks (i.e Windows) with the right digital signatures. Vernor Vinge had it right ."

We will create and use our own internet and if you have one of those chips on your computer, we'll disable your access to it. Thanks Government for giving us a way of checking if someone is controlled by you!!

It's one of those double edged swords - you can indeed, create a trusted platform. The question is, where does the trust reside?

Despite all the the hoo-haa about MS pushing Secure Boot for Windows 8 machines, part of me thinks it's a good thing - it will help to prevent a certain class of rootkit. The downside is that I don't trust MS not to abuse the feature to make it harder to load other operating systems on your machine. A colleague of mine was impressed enough with a certain LiveUSB this week that he intends to try it out on his ageing, ailing, overcrufted Windows machine at home. If Secure Boot was enabled on his machine, this would not have been possible.

Given the amount of software on my Windows machine at work devoted to snooping on what software I run, what files I have on my drive, and what websites I visit, the attitude is that my employer does not trust ME. To be honest, I wouldn't trust the average user not to foul up their computer. I might even welcome a trusted platform, if it meant that all this cruft went away and I could devote the resources to actually doing my job... but as a software developer, I can't run in an completely trusted environment, by definition, I have to be able to run software that has not been approved by our IT department, because I'm writing it.